Dag-Erling Smørgrav writes:
> Can loginmsg at this point contain the "Last login" text? That one's
> unsafe since it contains the result of a reverse DNS lookup.


a quick check suggests it can't, and AFAICT the offending code runs in
the unprivileged child, so I really can't see how he exploited it.

Does anybody know what's going on?

DES
--
Dag-Erling Smørgrav - des@des.no
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev